13 March, 2020

Azure Security

Azure VMs (IaaS) security steps –
  1. Apply NSGs (Network Security Groups) at the subnet or VM level to control inbound and outbound traffic with rules scoped to IP ranges
  2. Block ports that can be a threat and do not need to be exposed to other Azure services or public traffic. RDP can be blocked; if someone still needs RDP access to a VM for administrative work, use a jump server
  3. Use an appropriate DMZ and third-party firewalls such as Barracuda
  4. Put Azure RBAC and Policies in place for better control and governance
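
The NSG and RDP steps above can be checked mechanically. The following is an added example (not code from the original post) that walks constructed NSG rules in priority order and reports which rule, if any, exposes RDP (TCP 3389) to public sources. The rule names, addresses and the `rdp_exposure` helper are assumptions for illustration; field names follow the Azure `securityRules` JSON properties.

```python
# Added example: audits constructed NSG rules for RDP exposed to public traffic.
PUBLIC_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # sources that include public traffic

def field(rule, single, plural):
    """Merge the singular and plural form of a rule field into one list."""
    first = [rule[single]] if rule.get(single) else []
    return first + list(rule.get(plural) or [])

def covers(spec, port):
    """True if a port spec ('*', '3389' or '3000-4000') includes port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rdp_exposure(rules, port=3389):
    """Name of the inbound rule that lets public traffic reach `port`, else None.

    NSG rules are evaluated in ascending priority and the first match decides.
    Scoped CIDR sources (e.g. a jump-server subnet) are not treated as public.
    """
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if r["protocol"].lower() not in ("*", "tcp"):
            continue
        ports = field(r, "destinationPortRange", "destinationPortRanges")
        if not any(covers(p, port) for p in ports):
            continue
        sources = field(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not PUBLIC_SOURCES & set(sources):
            continue
        return r["name"] if r["access"] == "Allow" else None
    return None  # nothing matched: the default DenyAllInBound rule applies

def rule(name, priority, access, source, ports, protocol="Tcp"):
    """Build one constructed inbound rule (helper for the sample data)."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRange": ports}

# Constructed sample NSGs (not taken from a real subscription).
NSG_OPEN = [rule("allow-rdp-any", 300, "Allow", "*", "3389")]
NSG_JUMP = [rule("allow-rdp-from-jump", 100, "Allow", "10.0.1.0/24", "3389"),
            rule("deny-rdp-internet", 200, "Deny", "Internet", "3389"),
            rule("allow-https", 300, "Allow", "*", "443")]
NSG_SHADOWED = [rule("allow-mgmt-range", 150, "Allow", "Internet", "3000-4000"),
                rule("deny-rdp-internet", 200, "Deny", "Internet", "3389")]

if __name__ == "__main__":
    for label, nsg in [("open", NSG_OPEN), ("jump", NSG_JUMP), ("shadowed", NSG_SHADOWED)]:
        print(label, "->", rdp_exposure(nsg) or "RDP not reachable from the internet")
```

The third sample shows why priority order matters: a broad port-range allow placed ahead of the RDP deny still exposes 3389.
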
Azure PaaS (App Service) security steps –
  1. Apply WAF (Web Application Firewall) to protect your applications
  2. Enable Threat Protection for Azure SQL DBs
  3. Manage SAS Tokens and Keys effectively for Azure Storage and keys of other APIs
  4. Implement Multi-Factor Authentication for applications
  5. Implement AD Authentication to enforce policies
  6. Use Azure Key Vault to store secret keys (including passwords of Azure VMs)
  7. Run OWASP Top 10 testing for your application and align it with OWASP Top 10 policies
  8. Restrict IP addresses by adding your resources to a Virtual Network
  9. Use Azure DDoS protection and Azure Pen Test to ensure the highest level of security for your application
